134 matches found
EUVD-2017-8696
Malware in sbrugna...
EUVD-2024-22192
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-17536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary...
CVE-2024-24829
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2017-17536
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring...
CVE-2024-24829
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...
Server-side request forgery (SSRF)
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...
Mobileiron Sentry Code Issue Vulnerability
Mobileiron Sentry is a Smart Gateway product from Mobileiron, Inc. A code issue vulnerability exists in Mobileiron Sentry versions prior to 9.1.0 through 24.1.2 that stems from a server request forgery vulnerability in Phabricator...
CVE-2024-24829
Sentry’s Phabricator integration (versions
CVE-2024-24829 SSRF in Sentry via Phabricator integration
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...
CVE-2024-24829 SSRF in Sentry via Phabricator integration
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...
CVE-2024-24829 SSRF in Sentry via Phabricator integration
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...
PT-2024-20595 · Sentry · Sentry
Name of the Vulnerable Software and Affected Versions: Sentry versions =24.1.1 Description: Sentry is an error tracking and performance monitoring platform with an integration platform for external services. The Phabricator integration contains a constrained SSRF vulnerability, allowing an attack...
gix-transport code execution vulnerability
The gix-transport crate prior to the patched version 0.36.1 would allow attackers to use malicious ssh clone URLs to pass arbitrary arguments to the ssh program, leading to arbitrary code execution. PoC: gix clone 'ssh://-oProxyCommand=open$IFS-aCalculator/foo' This will launch a calculator on OS...
GHSA-W4G6-8XQP-G92M Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control coverage report file contents for the Post to Phabricator post-build action to have Jenkins parse a crafted XML document th...
Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control coverage report file contents for the Post to Phabricator post-build action to have Jenkins parse a crafted XML document th...
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2023-28683
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
XXE
Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...